I ask this question to get best practices. For example, we access software sources from a logged in pc user to an admin share with domain admin credentials to copy sources to target PC. we put creds and close window after copy but the admin cred is still "accessible", user could connect to another admin share without enter creds. My questions are :
- After how many time have i to reenter credentials?
- Is it possible to make a setting to be prompted every time we access admin share?
- What are the best practices for admin share accesses.
Thanks. Regards.
This should never be a problem due to another user does not have access to an administrator's session where connections to servers/SMB shares occur.
What it sounds like you are doing is: 1) remote control of a user session 2) connecting from there to a SMB share using privileged credentials.
If so, that is a poor security practice. What ever resource they are accessing needs to be accessible to different roles that do not expose this security risk.
In particular, domain admin accounts should only be used for administering domain resources, which aren't many, and only from secured endpoints, never from a user workstation.